
51 matches found

CBLMariner
added 2026/06/02 2:26 p.m., 5 views

CVE-2026-7374 affecting package kubevirt for versions less than 1.7.1-6

CVE-2026-7374 affecting package kubevirt for versions less than 1.7.1-6. A patched version of the package is available...

9.9 CVSS, 5.8 AI score, 0.00121 EPSS
Exploits: 0

CBLMariner
added 2026/05/30 3:37 a.m., 7 views

CVE-2026-42502 affecting package kubevirt for versions less than 1.7.1-5

CVE-2026-42502 affecting package kubevirt for versions less than 1.7.1-5. A patched version of the package is available...

6.1 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits: 0

CBLMariner
added 2026/05/30 3:37 a.m., 5 views

CVE-2026-46597 affecting package kubevirt for versions less than 1.7.1-5

CVE-2026-46597 affecting package kubevirt for versions less than 1.7.1-5. A patched version of the package is available...

7.5 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits: 0

Tenable Nessus
added 2026/05/30 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-44681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's...

6.1 CVSS, 5.6 AI score, 0.0004 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/05/27 12:0 a.m., 5 views

WordPress plugin Splide Carousel Block cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4 CVSS, 5.6 AI score, 0.00034 EPSS
Exploits: 0, References: 4

OSV
added 2026/05/25 8:16 p.m., 5 views

UBUNTU-CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5 CVSS, 5.8 AI score, 0.00041 EPSS
Exploits: 0, References: 7

UbuntuCve
added 2026/05/25 8:16 p.m., 5 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5 CVSS, 5.8 AI score, 0.00041 EPSS
Exploits: 0, References: 6

OSV
added 2026/05/25 8:16 p.m., 4 views

UBUNTU-CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1, has insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages, which may lead to SSRF or information disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2 CVSS, 5.8 AI score, 0.0004 EPSS
Exploits: 0, References: 7

Cvelist
added 2026/05/25 7:30 p.m., 16 views

CVE-2026-48849

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...

4.4 CVSS, 0.00033 EPSS
Exploits: 0, References: 5

ATTACKERKB
added 2026/05/25 7:30 p.m., 5 views

CVE-2026-48849

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...

4.4 CVSS, 5.8 AI score, 0.00033 EPSS
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2026/05/25 7:11 p.m., 18 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1, has insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages, which may lead to SSRF or information disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2 CVSS, 0.0004 EPSS
Exploits: 0, References: 5

CVE
added 2026/05/25 7:11 p.m., 43 views

CVE-2026-48843

Roundcube Webmail 1.6.x (1.6.14–1.6.16) and 1.7.x before 1.7.1 expose an issue where insufficient CSS sanitization in HTML email messages can cause SSRF or information disclosure, for example via stylesheet links pointing to local network hosts. This stems from an insufficient fix for CVE-2026-35...

7.2 CVSS, 5.8 AI score, 0.0004 EPSS
Exploits: 0, References: 5

ATTACKERKB
added 2026/05/25 7:6 p.m., 8 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace backslash escape bypass...

8.1 CVSS, 5.8 AI score, 0.00128 EPSS
Exploits: 0, References: 6, Affected Software: 1

Positive Technologies
added 2026/05/25 12:0 a.m., 7 views

PT-2026-43108

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.6.14 through 1.6.16; Roundcube Webmail versions prior to 1.7.1. Description: Remote image blocking is not honored for URLs pointing to local or private destinations. This issue can be triggered via a text/html email...

6.5 CVSS, 5.8 AI score, 0.00041 EPSS
Exploits: 0, References: 16

Patchstack
added 2026/04/23 2:33 p.m., 5 views

WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Kapee versions 1.7.1...

5 AI score
Exploits: 0, Affected Software: 1

EUVD
added 2026/04/08 9:33 p.m., 0 views

EUVD-2026-20542

A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...

7.3 CVSS, 6.6 AI score, 0.00035 EPSS
Exploits: 0, References: 5

CVE
added 2026/04/08 5:54 p.m., 9 views

CVE-2026-30818

CVE-2026-30818 affects TP-Link Archer AX53 v1.0 (AX53) with dnsmasq. An OS command injection occurs when processing a specially crafted configuration file, due to insufficient input validation. An authenticated adjacent attacker can execute arbitrary code, potentially modify device configuration,...

8.5 CVSS, 6.3 AI score, 0.00104 EPSS
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2026/04/08 5:53 p.m., 4 views

CVE-2026-30817 Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53

An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...

6.8 CVSS, 6 AI score, 0.0003 EPSS
Exploits: 0, References: 4

CVE
added 2026/04/08 5:53 p.m., 4 views

CVE-2026-30816

The CVE-2026-30816 entry details an external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0. An authenticated adjacent attacker can read arbitrary files when a malicious configuration file is processed, potentially leading to unauthorized access to sensitive dat...

6.8 CVSS, 6 AI score, 0.0003 EPSS
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2026/04/08 5:52 p.m., 4 views

CVE-2026-30815 OS Command Injection Vulnerability in OpenVPN Module in TP-Link AX53

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...

8.5 CVSS, 6 AI score, 0.00114 EPSS
Exploits: 0, References: 4